This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/K_y2fKHPzfyMG_X9CTHflV0WLi0.roa
File:                     K_y2fKHPzfyMG_X9CTHflV0WLi0.roa (raw, json)
Hash identifier:          KabNvipw1vq+vrMlPeKcdUkL/gp9b7QpFWkct8rC9KU=
Subject key identifier:   2B:FC:B6:7C:A1:CF:CD:FC:8C:1B:F5:FD:09:31:DF:95:5D:16:2E:2D
Certificate issuer:       /CN=848d9800d69debae11b7f8161c3ce88181fde7b4
Certificate serial:       019B7C112347CE7D31FD6768F7566247B7CA
Authority key identifier: 84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/K_y2fKHPzfyMG_X9CTHflV0WLi0.roa
Signing time:             Fri 02 Jan 2026 00:17:36 +0000
ROA not before:           Fri 02 Jan 2026 00:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204862
IP address blocks:        185.237.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 09:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:23:47:ce:7d:31:fd:67:68:f7:56:62:47:b7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=848d9800d69debae11b7f8161c3ce88181fde7b4
        Validity
            Not Before: Jan  2 00:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bfcb67ca1cfcdfc8c1bf5fd0931df955d162e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:7c:ce:0a:ab:5a:b2:50:28:c1:42:7c:fa:8d:
                    61:fb:7b:37:6d:fb:b0:66:5c:9f:64:55:a4:07:92:
                    9c:72:cb:32:fc:b4:02:4c:65:ea:25:4e:da:ac:5a:
                    a7:fe:ed:b5:f6:64:5e:35:11:14:89:23:65:e7:ea:
                    cb:52:8d:28:26:3b:28:b6:f1:93:e3:5e:cd:e7:02:
                    89:7f:f0:d8:5b:f1:04:6a:81:6e:25:2c:e6:a9:da:
                    4d:46:27:d6:a0:0b:ef:4e:88:06:e3:71:1e:fa:9d:
                    dc:e5:11:82:5f:dd:73:d8:b1:9d:63:e2:e1:39:e7:
                    65:5e:da:c7:21:3b:c8:26:44:45:0d:70:0b:01:65:
                    ef:42:79:be:a5:33:f7:22:0d:8c:76:e1:e0:f6:50:
                    d3:4e:5a:7e:b5:c7:83:3b:51:ae:00:1c:1d:da:db:
                    f5:fd:b6:fd:fd:ef:0c:8a:65:c3:d5:85:38:ac:6b:
                    d1:e4:16:97:99:34:25:45:4c:05:b9:e6:a8:f2:59:
                    fb:03:db:d2:80:c9:37:42:42:ab:42:c1:a8:12:b7:
                    0d:01:54:f8:77:1b:1a:3f:ef:da:af:70:3e:50:49:
                    f7:77:d4:90:7a:e2:d4:44:19:aa:f1:9f:70:a6:61:
                    f1:8d:1d:82:54:e9:df:b7:35:30:94:3f:cd:d8:ba:
                    18:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:FC:B6:7C:A1:CF:CD:FC:8C:1B:F5:FD:09:31:DF:95:5D:16:2E:2D
            X509v3 Authority Key Identifier:
                keyid:84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/K_y2fKHPzfyMG_X9CTHflV0WLi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:f4:99:9e:3d:da:a6:c2:36:22:ee:1c:27:b5:d2:d9:53:67:
         97:54:d0:2d:df:17:11:d6:62:2e:0a:3d:c3:91:de:ca:69:28:
         47:77:89:f3:6a:33:83:8a:93:aa:69:74:62:9c:45:48:e3:5a:
         4d:5d:6c:6d:ce:24:f6:70:cf:29:88:ae:ab:bf:60:3e:39:1d:
         a5:7c:c2:26:da:e7:e5:58:8f:86:37:08:1b:5f:24:e5:08:6f:
         b0:11:24:7e:b5:71:1e:a3:2a:43:eb:24:a6:9b:0d:b4:ae:2b:
         14:aa:bc:8d:3c:17:02:02:b7:00:3e:c1:d2:39:21:d5:4d:3d:
         30:48:ac:86:b2:4c:f5:34:f8:cc:cd:c6:55:ac:a6:fc:78:57:
         b7:92:f1:73:ef:fd:5a:b4:0a:7f:58:67:93:17:e8:02:fb:48:
         2f:bc:68:5a:1e:d2:e4:11:18:d2:19:b6:4e:ff:9b:ea:c8:2c:
         42:30:8e:58:96:a0:30:9d:16:71:b9:5a:34:0a:c2:b2:ed:65:
         7e:98:01:7a:3e:b2:28:7d:26:30:9c:2c:a6:74:23:13:05:12:
         e8:8f:e1:2d:d6:f6:f2:a7:0b:bf:61:7f:da:fb:05:ea:a7:d1:
         e7:b5:f9:b4:7e:6e:93:17:58:da:51:97:60:60:2b:7c:c9:9b:
         b3:8b:36:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ESNHzn0x/Wdo91ZiR7fKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OGQ5ODAwZDY5ZGViYWUxMWI3ZjgxNjFjM2NlODgxODFm
ZGU3YjQwHhcNMjYwMTAyMDAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmZjYjY3Y2ExY2ZjZGZjOGMxYmY1ZmQwOTMxZGY5NTVkMTYyZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nzOCqtaslAowUJ8+o1h+3s3bfuw
ZlyfZFWkB5Kccssy/LQCTGXqJU7arFqn/u219mReNREUiSNl5+rLUo0oJjsotvGT
417N5wKJf/DYW/EEaoFuJSzmqdpNRifWoAvvTogG43Ee+p3c5RGCX91z2LGdY+Lh
OedlXtrHITvIJkRFDXALAWXvQnm+pTP3Ig2MduHg9lDTTlp+tceDO1GuABwd2tv1
/bb9/e8MimXD1YU4rGvR5BaXmTQlRUwFueao8ln7A9vSgMk3QkKrQsGoErcNAVT4
dxsaP+/ar3A+UEn3d9SQeuLURBmq8Z9wpmHxjR2CVOnftzUwlD/N2LoYWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCv8tnyhz838jBv1/Qkx35VdFi4tMB8GA1UdIwQY
MBaAFISNmADWneuuEbf4Fhw86IGB/ee0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEt
M2Q5M2ZlNmQyMGFhLzEvS195MmZLSFB6ZnlNR19YOUNUSGZsVjBXTGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEtM2Q5M2ZlNmQyMGFh
LzEvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue2oMA0G
CSqGSIb3DQEBCwUAA4IBAQBi9JmePdqmwjYi7hwntdLZU2eXVNAt3xcR1mIuCj3D
kd7KaShHd4nzajODipOqaXRinEVI41pNXWxtziT2cM8piK6rv2A+OR2lfMIm2ufl
WI+GNwgbXyTlCG+wESR+tXEeoypD6ySmmw20risUqryNPBcCArcAPsHSOSHVTT0w
SKyGskz1NPjMzcZVrKb8eFe3kvFz7/1atAp/WGeTF+gC+0gvvGhaHtLkERjSGbZO
/5vqyCxCMI5YlqAwnRZxuVo0CsKy7WV+mAF6PrIofSYwnCymdCMTBRLoj+Et1vby
pwu/YX/a+wXqp9Hntfm0fm6TF1jaUZdgYCt8yZuzizax
-----END CERTIFICATE-----